While data aggregators can offer investors the convenience of a single snapshot of multiple financial accounts, they can also present cybersecurity, unauthorized use and identity theft hazards, the Financial Industry Regulatory Authority warns in a just-released alert.
The alert notes that consumers must first agree to provide aggregators their login information across financial accounts at separate financial institutions to track information on IRAs, 401(k)s, brokerage accounts and savings accounts.
To create a single “dashboard,” the alert states, aggregators will ask the user to provide their separate sets of username/password credentials so that it can access each financial account.
“Your security credentials allow the aggregation service to grab or ‘scrape’ this data, often on a daily basis,” using an automated process involving a code or a “robot” that goes out to the third-party websites, registers using your security credentials, and collects applicable account information.
However, sharing security credentials for financial account information can expose the user to privacy and security risks.
A key risk, the alert states, “is that the aggregators could be storing all consumer financial information or security credentials in one place, creating a new and heightened security risk for consumers.”
Also, many data aggregators may operate under “limited regulatory oversight and are not subject to the same regulation that registered financial institutions are subject to,” particularly in areas of data privacy and security.
If the aggregator sells investment products, consumers may also receive sales recommendations from that entity. “Evaluate any investment on its merits and with a clear understanding of risks and costs,” the alert states.
The alert provides a list of tips to help consumers protect themselves if they use a data aggregator or a service provider who use data aggregators, including understanding the aggregator’s privacy and data security measures.
FINRA also points to the Consumer Financial Protection Bureau’s principles for protecting consumers when they authorize third-party companies to access their financial data.